Router 1.1.1.1
hostname r1.1.1.1
interface Loopback0
ip address 1.1.1.1 255.0.0.0
interface Ethernet0
ip address 4.0.0.1 255.0.0.0
ip ospf message-digest-key 1 md5 cisco
!--- This command configures the MD5 authentication key
!--- on the interface as "cisco".
interface Serial0
ip address 5.0.0.1 255.0.0.0
clockrate 64000
!
router ospf 2
network 4.0.0.0 0.255.255.255 area 0
network 5.0.0.0 0.255.255.255 area 1
area 0 authentication message-digest
!--- This command enables MD5 authentication for area 0
!--- on the router.
area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco
!--- This command creates the virtual link between Router
!--- 1.1.1.1 and Router 3.3.3.3 with MD5 authentication enabled.
Router 3.3.3.3
hostname r3.3.3.3
interface Loopback0
ip address 3.3.3.3 255.0.0.0
interface Ethernet0
ip address 12.0.0.3 255.0.0.0
interface Serial0
ip address 6.0.0.3 255.0.0.0
!
router ospf 2
network 12.0.0.0 0.255.255.255 area 2
network 6.0.0.0 0.255.255.255 area 1
area 0 authentication message-digest
!--- This command enables MD5 authentication for area 0
!--- on the router.
area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
!--- This command creates the virtual link to area 0 via
!--- the transit area 1 with MD5 authentication enabled.
If we use this as an example of a common misunderstanding concerning
the virtual-link in OSPF. One issue that stands out to me is the area
0 authentication message-digest
Notice that it is uses area 0 for the message digest and not the
transit area or the non-transit far side area. This is an issue that
may only be worth 1-2 points but it can cause a headache if we forget
it or worse are not aware of it. So how do we troubleshoot it. Since
Anthony and Joe have been nice enough to follow along, I will let them
explain the details of the problem. How it presents itself, and why we
the problem exists.
Blogs and organic groups at http://www.ccie.net
Received on Fri Sep 25 2009 - 19:19:43 ART
This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:04 ART